1. Amazon Inspector is an AWS service that automatically identifies software vulnerabilities and network exposures in AWS workloads.
2. It now links Amazon ECR images to active containers, allowing security teams to prioritize vulnerabilities based on actual runtime usage.
3. Inspector scans a range of AWS resources, including EC2, Lambda, ECR container images, and CI/CD pipelines.
4. The service supports vulnerability scanning for minimal base images (scratch, distroless, Chainguard) and popular ecosystems like WordPress, Puppeteer, and Apache Tomcat.
5. Container mapping shows which ECR images are running on ECS and EKS, with details like cluster ARN and number of pods/tasks.
6. Advanced scanning can be configured by image push, pull, or last in-use date, with flexible monitoring windows (14–180 days).
7. Findings now include runtime-aware details such as InUseCount and lastInUseAt, helping prioritize cleanup and remediation.
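As an added example (not from the page or from AWS), the following triage script shows how the runtime fields named above can drive remediate-versus-cleanup decisions: the findings list is constructed offline and only approximates the shape of Inspector's ListFindings output, and the 14-day default window is the page's minimum monitoring window.

```python
"""Rank Inspector ECR findings by whether the vulnerable image is actually running."""
from datetime import datetime, timedelta, timezone

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "INFORMATIONAL": 0}
NOW = datetime(2025, 3, 2, 12, 0, tzinfo=timezone.utc)  # fixed "now" so the demo is reproducible

# Constructed sample findings (assumed shape; CVE ids and ARNs are placeholders).
SAMPLE_FINDINGS = [
    {"findingArn": "arn:aws:inspector2:EXAMPLE:finding/1", "severity": "CRITICAL", "title": "CVE-EXAMPLE-0001",
     "resources": [{"type": "AWS_ECR_CONTAINER_IMAGE", "details": {"awsEcrContainerImage": {
         "repositoryName": "payments-api", "inUseCount": 12, "lastInUseAt": "2025-03-01T10:00:00Z"}}}]},
    {"findingArn": "arn:aws:inspector2:EXAMPLE:finding/2", "severity": "CRITICAL", "title": "CVE-EXAMPLE-0002",
     "resources": [{"type": "AWS_ECR_CONTAINER_IMAGE", "details": {"awsEcrContainerImage": {
         "repositoryName": "legacy-batch", "inUseCount": 0, "lastInUseAt": "2024-11-15T08:30:00Z"}}}]},
    {"findingArn": "arn:aws:inspector2:EXAMPLE:finding/3", "severity": "HIGH", "title": "CVE-EXAMPLE-0003",
     "resources": [{"type": "AWS_ECR_CONTAINER_IMAGE", "details": {"awsEcrContainerImage": {
         "repositoryName": "web-frontend", "inUseCount": 3, "lastInUseAt": "2025-03-02T09:00:00Z"}}}]},
    {"findingArn": "arn:aws:inspector2:EXAMPLE:finding/4", "severity": "MEDIUM", "title": "CVE-EXAMPLE-0004",
     "resources": [{"type": "AWS_ECR_CONTAINER_IMAGE", "details": {"awsEcrContainerImage": {
         "repositoryName": "sandbox-tool", "inUseCount": 0}}}]},  # never observed running
]

def _parse_ts(value):
    """Parse an ISO-8601 timestamp; None means the image has never been seen in use."""
    return None if value is None else datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage_finding(finding, now=NOW, window_days=14):
    """Return a triage row for an ECR-image finding, or None for other resource types."""
    for res in finding.get("resources", []):
        img = res.get("details", {}).get("awsEcrContainerImage")
        if img is None:
            continue
        in_use = int(img.get("inUseCount") or 0)
        last_used = _parse_ts(img.get("lastInUseAt"))
        recently_used = last_used is not None and now - last_used <= timedelta(days=window_days)
        # Running or recently running images need a patch; stale images are cleanup candidates.
        action = "REMEDIATE" if (in_use > 0 or recently_used) else "CLEANUP"
        return {"finding": finding["findingArn"], "repository": img.get("repositoryName"),
                "severity": finding["severity"], "in_use_count": in_use,
                "last_in_use_at": last_used, "action": action}
    return None

def prioritize(findings, now=NOW, window_days=14):
    """Order rows: live images first, then by severity, then by number of affected tasks/pods."""
    rows = [r for r in (triage_finding(f, now, window_days) for f in findings) if r]
    rows.sort(key=lambda r: (r["action"] != "REMEDIATE",
                             -SEVERITY_RANK.get(r["severity"], 0), -r["in_use_count"]))
    return rows

if __name__ == "__main__":
    for row in prioritize(SAMPLE_FINDINGS):
        print(f'{row["action"]:9} {row["severity"]:8} {row["repository"]:13} in_use={row["in_use_count"]}')
```

Widening the window to 180 days (the page's maximum) pulls the stale critical image back into the remediate bucket, which is the trade-off the monitoring window controls.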